Tech Support Forum - View Single Post - pop ups and constant explorer.exe lock ups

02-18-2009, 07:46 PM
justguff
Registered Member
 
Join Date: Oct 2007
Posts: 21
OS: windows xp



ComboFix 09-02-17.02 - Guff 2009-02-18 21:36:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1450 [GMT -6:00]
Running from: c:\documents and settings\Guff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Guff\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\nsa75C.dll
c:\windows\system32\nsa8D0.dll
c:\windows\system32\nsaE0B.dll
c:\windows\system32\nsh659.dll
c:\windows\system32\nso6B0.dll
c:\windows\system32\nsp720.dll
c:\windows\system32\nsu1CC.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\c5249e8d-0b85-8eda-ce22-49c40718319c.exe
c:\windows\system32\nsa75C.dll
c:\windows\system32\nsa8D0.dll
c:\windows\system32\nsaE0B.dll
c:\windows\system32\nsh659.dll
c:\windows\system32\nsiA2D.dll
c:\windows\system32\nso6B0.dll
c:\windows\system32\nsp720.dll
c:\windows\system32\nssA9.dll
c:\windows\system32\nsu1CC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Legacy_THREATFIRE
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon
-------\Service_ThreatFire


((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-16 14:25 . 2009-02-16 14:25 250 --a------ c:\windows\gmer.ini
2009-02-14 14:21 . 2009-02-14 14:21 95 --a------ c:\windows\wininit.ini
2009-02-12 18:11 . 2009-02-12 18:11 244 --ah----- C:\sqmnoopt12.sqm
2009-02-12 18:11 . 2009-02-12 18:11 232 --ah----- C:\sqmdata12.sqm
2009-02-10 17:41 . 2009-02-10 17:41 <DIR> d-------- c:\documents and settings\Guff\Application Data\OpenOffice.org
2009-02-03 19:37 . 2009-02-03 19:37 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-03 19:37 . 2009-02-03 19:37 <DIR> d-------- c:\program files\JRE
2009-01-20 18:50 . 2009-01-20 18:50 268 --ah----- C:\sqmdata11.sqm
2009-01-20 18:50 . 2009-01-20 18:50 244 --ah----- C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 03:33 --------- d-----w c:\program files\Viewpoint
2009-02-19 03:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-02-16 03:10 --------- d-----w c:\documents and settings\Guff\Application Data\Image Zone Express
2009-02-16 00:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ATI MMC
2009-02-15 06:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-15 00:05 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-15 00:00 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-14 23:58 --------- d-----w c:\program files\SpywareBlaster
2009-02-14 23:01 --------- d-----w c:\documents and settings\Guff\Application Data\uTorrent
2009-02-14 19:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-11 16:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-05 21:59 --------- d-----w c:\documents and settings\Guff\Application Data\OpenOffice.org2
2009-02-04 01:36 --------- d-----w c:\program files\OpenOffice.org 2.4
2009-01-25 21:11 --------- d-----w c:\program files\PeerGuardian2
2009-01-24 14:55 --------- d-----w c:\program files\CCleaner
2009-01-17 08:04 --------- d-----w c:\documents and settings\Guff\Application Data\Media Player Classic
2009-01-16 01:13 --------- d-----w c:\program files\Java
2009-01-16 01:08 --------- d-----w c:\program files\HP
2009-01-16 00:31 --------- d-----w c:\documents and settings\Guff\Application Data\Move Networks
2009-01-14 22:12 --------- d-----w c:\program files\Real Alternative
2009-01-14 22:11 --------- d-----w c:\program files\Real
2009-01-14 22:11 --------- d-----w c:\program files\Common Files\Real
2009-01-12 18:30 --------- d-----w c:\program files\Google
2009-01-11 01:53 --------- d-----w c:\program files\IMVU
2009-01-08 05:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 05:00 --------- d-----w c:\program files\DirecTV
2009-01-07 17:50 --------- d-----w c:\program files\Common Files\Apple
2008-12-19 01:00 --------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\DivX
2007-10-01 01:15 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-18_20.25.59.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-05 1622016]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-02-14 53248]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4421"="del" [X]
"SpybotDeletingB2626"="command.com" [2004-08-04 c:\windows\system32\command.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"exflashservice"="c:\program files\EPOX\EFS\EZ_FLASH_SERVICE.exe" [2006-05-02 408064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"58da1dc4"="c:\windows\system32\yuelkacb.dll" [BU]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC9034"="del" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"SpybotDeletingA5295"="command.com" [2004-08-04 c:\windows\system32\command.com]

c:\documents and settings\Guff\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mhuejh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= c:\windows\system32\msyuv.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YUY2"= ATIVYUY.DLL
"VIDC.YU12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\justguff\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC(TM).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-05 28544]
R2 CLHNService3;CLHNService3;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLHNService.exe [2008-09-26 98304]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service;c:\program files\Dynex Wireless G Enhanced Adapter\WLService.exe [2007-10-09 49152]
R2 ntk3;ntk3;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk3.sys [2008-09-26 120048]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-02-20 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-09-28 36368]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-03-30 175232]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-03-30 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-03-30 9088]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-02-20 648456]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-10-29 7040]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [2008-08-24 13312]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-05-15 13765]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2cbf63c3-1491-d9c1-0f6d-92c4c6653a06} - c:\windows\system32\nsa8D0.dll


.
------- Supplementary Scan -------
.
uStart Page =
FF - ProfilePath - c:\documents and settings\Guff\Application Data\Mozilla\Firefox\Profiles\8ncfxdze.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\Guff\Application Data\Mozilla\Firefox\Profiles\8ncfxdze.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 21:41:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-02-18 21:45:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-19 03:45:40
ComboFix2.txt 2009-02-19 02:27:05

Pre-Run: 37,064,417,280 bytes free
Post-Run: 36,964,487,168 bytes free

237 --- E O F --- 2009-02-11 12:05:02